Ravens PHP Scripts

Vote! Pro PHP *eval()* Injection Vulnerability
Date: Tuesday, January 23, 2007 @ 12:40:03 CET
Topic: Security


VERIFY ADVISORY: http://secunia.com/advisories/23834/

CRITICAL: Highly critical

IMPACT: System access

SOFTWARE: Vote! Pro 4.x - http://secunia.com/product/13306/

DESCRIPTION: r0ut3r has reported a vulnerability in Vote! Pro, which can be exploited by malicious people to compromise vulnerable systems.

Input passed to the "poll_id" parameter in poll_frame.php is not properly sanitised before being used in "eval()" calls. This can be exploited to inject and execute arbitrary PHP code via a specially crafted parameter value. The vulnerability is reported in version 4.0. Other versions may also be affected.

NOTE: The "poll_id" eval() issue reportedly affects many other scripts in the product.

SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: r0ut3r

This article comes from Ravens PHP Scripts

The URL for this story is: